I'm trying to establish a VPN Connection to my university. I installed strongswan-full und my /etc/ipsec.conf reads:
conn uni
keyexchange=ikev2
right=vpn.uni
rightid=%vpn.uni
rightsubnet=0.0.0.0/0
#rightauth=pubkey
leftsourceip=%config
leftauth=eap
eap_identity=username
auto=add
when establishing the connection with ipsec stroke up uni some certificates are succesfully validated by it ends with:
ocsp response verification failed, no signer certificate 'C=DE, ST=, L=, O=, CN=PN: OCSP-Responder' found
ocsp response correctly signed by "C=DE, O=DFN-Verein, OU=DFN-PKI, CN=PN: OCSP-Responder"
ocsp response is valid: until Aug 15 16:38:17 2018
using cached ocsp response
certificate status is good
no issuer certificate found for "C=DE, O=DFN-Verein, OU=DFN-PKI, CN=DFN-Verein PCA Global - G01"
no trusted RSA public key found for 'C=DE, ST=, L=, O=, CN=vpn.'
It seems that some root certificate could not be found. I downloaded the certifiacte manually and put it in /etc/ipsec.d/cacerts, but still get the same error. Any help would be welcome.